theregister

Warning over Java libraries and deserialization security weaknesses

Boffins at universities in France, Germany, Luxembourg, and Sweden took a deep dive into known Java deserialization vulnerabilities, and have now resurfaced with their findings. In short, they've ...
Dark Reading

Why The Java Deserialization Bug Is A Big Deal

A recent blog post by FoxGlove Security that described remotely executable exploits against several major middleware products including WebSphere, WebLogic, and JBoss has focused attention on what ...
IEEE

Improving Java Deserialization Gadget Chain Mining via Overriding-Guided Object Generation

Abstract: Java (de)serialization is prone to causing security-critical vulnerabilities that attackers can invoke existing methods (gadgets) on the application's classpath to construct a gadget chain ...
GitHub

bupt007/Java-Deserialization-Scanner

Java Deserialization Scanner is a Burp Suite plugin aimed at adding active and passive detection of Java deserialization issues. It was written by Federico Dotta, a Security Expert at @ ...
IEEE

Tabby: Automated Gadget Chain Detection for Java Deserialization Vulnerabilities

Abstract: Java is one of the preferred options of modern developers and has become increasingly more prominent with the prevalence of the open-source culture. Thanks to the serialization and ...
ZDNet

Deserialization issues also affect Ruby, not just Java, PHP, and .NET

The Ruby programming language is impacted by a similar "deserialization issue" that has affected and wreaked havoc in the Java ecosystem in 2016; an issue that later also proved to be a problem for ...
GitHub

Java-Deserialization-Cheat-Sheet

CommonsBeanutils1 @frohoff commons-beanutils:1.9.2, commons-collections:3.1, commons-logging:1.2 CommonsCollections1 @frohoff commons-collections:3.1 CommonsCollections2 @frohoff ...